[Bug 25045] New: REST API public route accessible if OpacPublic is off
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=25045 Bug ID: 25045 Summary: REST API public route accessible if OpacPublic is off Change sponsored?: --- Product: Koha Version: unspecified Hardware: All OS: All Status: NEW Severity: normal Priority: P5 - low Component: Architecture, internals, and plumbing Assignee: koha-bugs@lists.koha-community.org Reporter: jonathan.druart@bugs.koha-community.org QA Contact: testopia@bugs.koha-community.org Depends on: 22061 There is RESTPublicAPI to deal with that, but both are enabled by default. One could think that turning OpacPublic off will make all the data non-accessible, but that's wrong. Maybe we need a note on OpacPublic to explain the situation. Referenced Bugs: https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=22061 [Bug 22061] Add route to change patron's password (public) -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=25045 Tomás Cohen Arazi <tomascohen@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |tomascohen@gmail.com --- Comment #1 from Tomás Cohen Arazi <tomascohen@gmail.com> --- This was broadly discussed by the time this got implemented. The idea was that one could want the OPACDisabled, but enable the API for, say, using it from an external system, like a discovery tool like VuFind. That said, I think we need to add a clear message on the OPACPublic syspref about the API, and probably an entry warning about !OPACPublic && RESTPublicAPI meaning the API is accessible. -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=25045 Tomás Cohen Arazi <tomascohen@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Version|unspecified |master -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=25045 Tomás Cohen Arazi <tomascohen@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Assignee|koha-bugs@lists.koha-commun |tomascohen@gmail.com |ity.org | -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=25045 --- Comment #2 from Tomás Cohen Arazi <tomascohen@gmail.com> --- Hmm, I got the OpacPublic behaviour wrong. This needs to be discussed in a dev meeting I belive. OpacPublic doesn't disable the OPAC as I thought (based on my memories from the 'have an on/off switch for the API' discussion), but only allow interacting with it after there's a valid session. We might need to develop some way to identify public routes that don't require a session. We don't have such routes yet, but worth considering as there are routes like the one for fetching records on the QA queue. We should add that to the agenda. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=25045 Jonathan Druart <jonathan.druart@bugs.koha-community.org> changed: What |Removed |Added ---------------------------------------------------------------------------- See Also| |https://bugs.koha-community | |.org/bugzilla3/show_bug.cgi | |?id=24909 -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=25045 Jonathan Druart <jonathan.druart@bugs.koha-community.org> changed: What |Removed |Added ---------------------------------------------------------------------------- See Also| |https://bugs.koha-community | |.org/bugzilla3/show_bug.cgi | |?id=24861 -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=25045 Tomás Cohen Arazi <tomascohen@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Summary|REST API public route |Add a way to restrict |accessible if OpacPublic is |anonymous access to public |off |routes (OpacPublic | |behaviour) See Also|https://bugs.koha-community | |.org/bugzilla3/show_bug.cgi | |?id=24909 | Depends on| |24909 Referenced Bugs: https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=24909 [Bug 24909] Add unprivileged route to get a bibliographic record -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=25045 Tomás Cohen Arazi <tomascohen@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |ASSIGNED -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=25045 --- Comment #3 from Tomás Cohen Arazi <tomascohen@gmail.com> --- Created attachment 102846 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=102846&action=edit Bug 25045: Add the RESTPublicAnonymousRequests syspref -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=25045 --- Comment #4 from Tomás Cohen Arazi <tomascohen@gmail.com> --- Created attachment 102847 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=102847&action=edit Bug 25045: Unit tests -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=25045 --- Comment #5 from Tomás Cohen Arazi <tomascohen@gmail.com> --- Created attachment 102848 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=102848&action=edit Bug 25045: Allow restricting anonymous requests on the public API This patch introduces a check on the authenticate_api_request method for the RESTPublicAnonymousRequests system preference. If disabled, anonymous requests get rejected. The idea is to replicate the homologous OpacPublic system preference behaviour. To test: 1. Apply the Unit tests patch 2. Run: $ kshell k$ prove t/db_dependent/api/v1/auth_authenticate_api_request.t => FAIL: Tests fail, 200 is answered instead of 401 on the route. 3. Apply this patch 4. Repeat 2. => SUCCESS: Tests pass! 5. Sign off :-D -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=25045 --- Comment #6 from Tomás Cohen Arazi <tomascohen@gmail.com> --- Created attachment 102849 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=102849&action=edit Bug 25045: (follow-up) Add a note to OpacPublic This patch tweaks the OpacPublic system preference description so users don't expect, incorrectly, this syspref to disable the public API anonymous access. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=25045 Tomás Cohen Arazi <tomascohen@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Patch complexity|--- |Small patch Status|ASSIGNED |Needs Signoff -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=25045 Tomás Cohen Arazi <tomascohen@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |agustinmoyano@theke.io, | |jonathan.druart@bugs.koha-c | |ommunity.org, | |katrin.fischer@bsz-bw.de, | |martin.renvoize@ptfs-europe | |.com, | |nick@bywatersolutions.com -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=25045 --- Comment #7 from Tomás Cohen Arazi <tomascohen@gmail.com> --- Any feedback on the wording is greatly appreciated. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=25045 --- Comment #8 from Jonathan Druart <jonathan.druart@bugs.koha-community.org> --- Maybe that does not make sense but, don't you think we should make is_public mandatory in authenticate_api_request? That would prevent a future call to forget it. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=25045 --- Comment #9 from Jonathan Druart <jonathan.druart@bugs.koha-community.org> --- (In reply to Jonathan Druart from comment #8)
Maybe that does not make sense but, don't you think we should make is_public mandatory in authenticate_api_request?
That would prevent a future call to forget it.
Scratch that, it does not make sense. There won't be bad side-effects if it's not passed. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=25045 --- Comment #10 from Jonathan Druart <jonathan.druart@bugs.koha-community.org> --- The "Note" does not appear in the syspref's description. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=25045 Kyle M Hall <kyle@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #102846|0 |1 is obsolete| | Attachment #102847|0 |1 is obsolete| | Attachment #102848|0 |1 is obsolete| | Attachment #102849|0 |1 is obsolete| | --- Comment #11 from Kyle M Hall <kyle@bywatersolutions.com> --- Created attachment 103651 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=103651&action=edit Bug 25045: Add the RESTPublicAnonymousRequests syspref Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=25045 --- Comment #12 from Kyle M Hall <kyle@bywatersolutions.com> --- Created attachment 103652 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=103652&action=edit Bug 25045: Unit tests Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=25045 --- Comment #13 from Kyle M Hall <kyle@bywatersolutions.com> --- Created attachment 103653 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=103653&action=edit Bug 25045: Allow restricting anonymous requests on the public API This patch introduces a check on the authenticate_api_request method for the RESTPublicAnonymousRequests system preference. If disabled, anonymous requests get rejected. The idea is to replicate the homologous OpacPublic system preference behaviour. To test: 1. Apply the Unit tests patch 2. Run: $ kshell k$ prove t/db_dependent/api/v1/auth_authenticate_api_request.t => FAIL: Tests fail, 200 is answered instead of 401 on the route. 3. Apply this patch 4. Repeat 2. => SUCCESS: Tests pass! 5. Sign off :-D Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=25045 --- Comment #14 from Kyle M Hall <kyle@bywatersolutions.com> --- Created attachment 103654 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=103654&action=edit Bug 25045: (follow-up) Add a note to OpacPublic This patch tweaks the OpacPublic system preference description so users don't expect, incorrectly, this syspref to disable the public API anonymous access. Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=25045 Kyle M Hall <kyle@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Needs Signoff |Signed Off CC| |kyle@bywatersolutions.com -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=25045 --- Comment #15 from Tomás Cohen Arazi <tomascohen@gmail.com> --- Created attachment 103655 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=103655&action=edit Bug 25045: (QA follow-up) Fix note display on OpacPublic description Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=25045 Jonathan Druart <jonathan.druart@bugs.koha-community.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Signed Off |Passed QA -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=25045 Jonathan Druart <jonathan.druart@bugs.koha-community.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #103651|0 |1 is obsolete| | Attachment #103652|0 |1 is obsolete| | Attachment #103653|0 |1 is obsolete| | Attachment #103654|0 |1 is obsolete| | Attachment #103655|0 |1 is obsolete| | --- Comment #16 from Jonathan Druart <jonathan.druart@bugs.koha-community.org> --- Created attachment 103675 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=103675&action=edit Bug 25045: Add the RESTPublicAnonymousRequests syspref Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=25045 --- Comment #17 from Jonathan Druart <jonathan.druart@bugs.koha-community.org> --- Created attachment 103676 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=103676&action=edit Bug 25045: Unit tests Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=25045 --- Comment #18 from Jonathan Druart <jonathan.druart@bugs.koha-community.org> --- Created attachment 103677 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=103677&action=edit Bug 25045: Allow restricting anonymous requests on the public API This patch introduces a check on the authenticate_api_request method for the RESTPublicAnonymousRequests system preference. If disabled, anonymous requests get rejected. The idea is to replicate the homologous OpacPublic system preference behaviour. To test: 1. Apply the Unit tests patch 2. Run: $ kshell k$ prove t/db_dependent/api/v1/auth_authenticate_api_request.t => FAIL: Tests fail, 200 is answered instead of 401 on the route. 3. Apply this patch 4. Repeat 2. => SUCCESS: Tests pass! 5. Sign off :-D Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=25045 --- Comment #19 from Jonathan Druart <jonathan.druart@bugs.koha-community.org> --- Created attachment 103678 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=103678&action=edit Bug 25045: (follow-up) Add a note to OpacPublic This patch tweaks the OpacPublic system preference description so users don't expect, incorrectly, this syspref to disable the public API anonymous access. Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Bug 25045: (QA follow-up) Fix note display on OpacPublic description Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=25045 Tomás Cohen Arazi <tomascohen@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- QA Contact|testopia@bugs.koha-communit |jonathan.druart@bugs.koha-c |y.org |ommunity.org -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=25045 Martin Renvoize <martin.renvoize@ptfs-europe.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Version(s)| |20.05.00 released in| | Status|Passed QA |Pushed to master -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=25045 --- Comment #20 from Martin Renvoize <martin.renvoize@ptfs-europe.com> --- Nice work everyone! Pushed to master for 20.05 -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=25045 --- Comment #21 from Jonathan Druart <jonathan.druart@bugs.koha-community.org> --- Created attachment 103748 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=103748&action=edit Bug 25045: (follow-up) Add the RESTPublicAnonymousRequests syspref -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=25045 --- Comment #22 from Martin Renvoize <martin.renvoize@ptfs-europe.com> --- Created attachment 103749 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=103749&action=edit Bug 25045: (RM follow-up) Add the RESTPublicAnonymousRequests syspref The atomic update alos included a quoting mistake Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=25045 --- Comment #23 from Martin Renvoize <martin.renvoize@ptfs-europe.com> --- Nice work everyone! Pushed to master for 20.05 -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=25045 --- Comment #24 from Martin Renvoize <martin.renvoize@ptfs-europe.com> --- Created attachment 103773 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=103773&action=edit Bug 25045: (RM follow-up) Correction to updatedatebase.pl Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=25045 Tomás Cohen Arazi <tomascohen@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Blocks| |25327 Referenced Bugs: https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=25327 [Bug 25327] Cannot access API spec -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=25045 Joy Nelson <joy@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |joy@bywatersolutions.com --- Comment #25 from Joy Nelson <joy@bywatersolutions.com> --- not backported to 19.11.x -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=25045 --- Comment #26 from Joy Nelson <joy@bywatersolutions.com> --- missing dependencies, not backported -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=25045 Jonathan Druart <jonathan.druart@bugs.koha-community.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Blocks| |25484 Referenced Bugs: https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=25484 [Bug 25484] Public routes added by plugins are no longer accessible -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=25045 Martin Renvoize <martin.renvoize@ptfs-europe.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Severity|normal |enhancement Text to go in the| |This enhancement allows release notes| |libraries to distinctly | |disable the OPAC but allow | |the public facing API's to | |be enabled. | | | |**New system | |preference**: | |`RESTPublicAnonymousRequest | |s` defaults to enabled. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=25045 David Cook <dcook@prosentient.com.au> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |dcook@prosentient.com.au --- Comment #27 from David Cook <dcook@prosentient.com.au> --- Bug 24909 has been pushed now, so in theory this could be pushed too, although personally I'm not a huge fan of pushing database updates to stable releases... -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=25045 Aleisha Amohia <aleisha@catalyst.net.nz> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Pushed to master |Pushed to stable CC| |aleisha@catalyst.net.nz --- Comment #28 from Aleisha Amohia <aleisha@catalyst.net.nz> --- won't be backporting this to 19.11.x due to the db update. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=25045 --- Comment #29 from Tomás Cohen Arazi <tomascohen@gmail.com> --- (In reply to David Cook from comment #27)
Bug 24909 has been pushed now, so in theory this could be pushed too, although personally I'm not a huge fan of pushing database updates to stable releases...
This one is basically a syspref. Database structure changes are the problematic ones. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=25045 --- Comment #30 from David Cook <dcook@prosentient.com.au> --- (In reply to Tomás Cohen Arazi from comment #29)
(In reply to David Cook from comment #27)
Bug 24909 has been pushed now, so in theory this could be pushed too, although personally I'm not a huge fan of pushing database updates to stable releases...
This one is basically a syspref. Database structure changes are the problematic ones.
That's a good point! I admit that I didn't drill down into the patches to examine. I just saw the updatedatabase.pl in the description and got anxious. I run a lot of 19.11 instances, and I would love to see this backported. I withdraw my earlier objection. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=25045 --- Comment #31 from Aleisha Amohia <aleisha@catalyst.net.nz> --- I have tried to apply but tests fail on my devbox for 19.11.x. $ prove -v t/db_dependent/api/v1/auth_authenticate_api_request.t t/db_dependent/api/v1/auth_authenticate_api_request.t .. 1..3 # Subtest: token-based tests 1..10 [2020-06-19 09:33:05.84026] [12653] [debug] POST "/api/v1/oauth/token" (5ef232ce) [2020-06-19 09:33:05.84638] [12653] [debug] Routing to controller "Koha::REST::V1::Auth" and action "under" [2020-06-19 09:33:05.84791] [12653] [debug] Routing to controller "Koha::REST::V1::OAuth" and action "token" [2020-06-19 09:33:05.86256] [12653] [debug] 200 OK (0.022287s, 44.869/s) ok 1 - POST /api/v1/oauth/token ok 2 - 200 OK ok 3 - exact match for JSON Pointer "/expires_in" ok 4 - exact match for JSON Pointer "/token_type" ok 5 - has value for JSON Pointer "/access_token" [2020-06-19 09:33:05.86597] [12653] [debug] GET "/api/v1/patrons" (01e901a8) [2020-06-19 09:33:05.86677] [12653] [debug] Routing to controller "Koha::REST::V1::Auth" and action "under" [2020-06-19 09:33:05.88419] [12653] [debug] Routing to controller "Koha::REST::V1::Patrons" and action "list" [2020-06-19 09:33:06.11926] [12653] [debug] 200 OK (0.253264s, 3.948/s) ok 6 - GET /api/v1/patrons ok 7 - 200 OK ok 8 - The 'koha.user' object is defined in the stash ok 9 - Stashed koha.user object type is Koha::Patron ok 10 - The stashed user is the right one ok 1 - token-based tests # Subtest: cookie-based tests 1..5 [2020-06-19 09:33:06.29506] [12653] [debug] GET "/api/v1/patrons" (4f027938) [2020-06-19 09:33:06.29565] [12653] [debug] Routing to controller "Koha::REST::V1::Auth" and action "under" [2020-06-19 09:33:06.29736] [12653] [debug] 503 Service Unavailable (0.00229s, 436.681/s) ok 1 - GET /api/v1/patrons not ok 2 - 200 OK # Failed test '200 OK' # at t/db_dependent/api/v1/auth_authenticate_api_request.t line 112. # got: '503' # expected: '200' not ok 3 - The 'koha.user' object is defined in the stash # Failed test 'The 'koha.user' object is defined in the stash' # at t/db_dependent/api/v1/auth_authenticate_api_request.t line 115. # Looks like you planned 5 tests but ran 3. # Looks like you failed 2 tests of 3 run. not ok 2 - cookie-based tests # Failed test 'cookie-based tests' # at t/db_dependent/api/v1/auth_authenticate_api_request.t line 120. # Subtest: anonymous requests to public API 1..4 [2020-06-19 09:33:06.54596] [12653] [debug] GET "/api/v1/public/biblios/3" (1a0aa1cd) [2020-06-19 09:33:06.54737] [12653] [debug] Routing to controller "Koha::REST::V1::Auth" and action "under" [2020-06-19 09:33:06.54867] [12653] [debug] 503 Service Unavailable (0.002694s, 371.195/s) ok 1 - GET /api/v1/public/biblios/3 not ok 2 - Unauthorized anonymous attempt to access a resource # Failed test 'Unauthorized anonymous attempt to access a resource' # at t/db_dependent/api/v1/auth_authenticate_api_request.t line 143. # got: '503' # expected: '401' [2020-06-19 09:33:06.55176] [12653] [debug] GET "/api/v1/public/biblios/3" (ece5c188) [2020-06-19 09:33:06.55231] [12653] [debug] Routing to controller "Koha::REST::V1::Auth" and action "under" [2020-06-19 09:33:06.55343] [12653] [debug] 503 Service Unavailable (0.001661s, 602.047/s) ok 3 - GET /api/v1/public/biblios/3 not ok 4 - Successfull anonymous access to a resource # Failed test 'Successfull anonymous access to a resource' # at t/db_dependent/api/v1/auth_authenticate_api_request.t line 149. # got: '503' # expected: '200' # Looks like you failed 2 tests of 4. not ok 3 - anonymous requests to public API # Failed test 'anonymous requests to public API' # at t/db_dependent/api/v1/auth_authenticate_api_request.t line 153. # Looks like you failed 2 tests of 3. Dubious, test returned 2 (wstat 512, 0x200) Failed 2/3 subtests Test Summary Report ------------------- t/db_dependent/api/v1/auth_authenticate_api_request.t (Wstat: 512 Tests: 3 Failed: 2) Failed tests: 2-3 Non-zero exit status: 2 Files=1, Tests=3, 8 wallclock secs ( 0.02 usr 0.01 sys + 3.77 cusr 1.14 csys = 4.94 CPU) Result: FAIL Please fix up and I will backport! -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=25045 --- Comment #32 from Tomás Cohen Arazi <tomascohen@gmail.com> --- (In reply to Aleisha Amohia from comment #31)
I have tried to apply but tests fail on my devbox for 19.11.x.
$ prove -v t/db_dependent/api/v1/auth_authenticate_api_request.t t/db_dependent/api/v1/auth_authenticate_api_request.t .. 1..3 # Subtest: token-based tests 1..10 [2020-06-19 09:33:05.84026] [12653] [debug] POST "/api/v1/oauth/token" (5ef232ce) [2020-06-19 09:33:05.84638] [12653] [debug] Routing to controller "Koha::REST::V1::Auth" and action "under" [2020-06-19 09:33:05.84791] [12653] [debug] Routing to controller "Koha::REST::V1::OAuth" and action "token" [2020-06-19 09:33:05.86256] [12653] [debug] 200 OK (0.022287s, 44.869/s) ok 1 - POST /api/v1/oauth/token ok 2 - 200 OK ok 3 - exact match for JSON Pointer "/expires_in" ok 4 - exact match for JSON Pointer "/token_type" ok 5 - has value for JSON Pointer "/access_token" [2020-06-19 09:33:05.86597] [12653] [debug] GET "/api/v1/patrons" (01e901a8) [2020-06-19 09:33:05.86677] [12653] [debug] Routing to controller "Koha::REST::V1::Auth" and action "under" [2020-06-19 09:33:05.88419] [12653] [debug] Routing to controller "Koha::REST::V1::Patrons" and action "list" [2020-06-19 09:33:06.11926] [12653] [debug] 200 OK (0.253264s, 3.948/s) ok 6 - GET /api/v1/patrons ok 7 - 200 OK ok 8 - The 'koha.user' object is defined in the stash ok 9 - Stashed koha.user object type is Koha::Patron ok 10 - The stashed user is the right one ok 1 - token-based tests # Subtest: cookie-based tests 1..5 [2020-06-19 09:33:06.29506] [12653] [debug] GET "/api/v1/patrons" (4f027938) [2020-06-19 09:33:06.29565] [12653] [debug] Routing to controller "Koha::REST::V1::Auth" and action "under" [2020-06-19 09:33:06.29736] [12653] [debug] 503 Service Unavailable (0.00229s, 436.681/s) ok 1 - GET /api/v1/patrons not ok 2 - 200 OK
# Failed test '200 OK' # at t/db_dependent/api/v1/auth_authenticate_api_request.t line 112. # got: '503' # expected: '200' not ok 3 - The 'koha.user' object is defined in the stash
# Failed test 'The 'koha.user' object is defined in the stash' # at t/db_dependent/api/v1/auth_authenticate_api_request.t line 115. # Looks like you planned 5 tests but ran 3. # Looks like you failed 2 tests of 3 run. not ok 2 - cookie-based tests
# Failed test 'cookie-based tests' # at t/db_dependent/api/v1/auth_authenticate_api_request.t line 120. # Subtest: anonymous requests to public API 1..4 [2020-06-19 09:33:06.54596] [12653] [debug] GET "/api/v1/public/biblios/3" (1a0aa1cd) [2020-06-19 09:33:06.54737] [12653] [debug] Routing to controller "Koha::REST::V1::Auth" and action "under" [2020-06-19 09:33:06.54867] [12653] [debug] 503 Service Unavailable (0.002694s, 371.195/s) ok 1 - GET /api/v1/public/biblios/3 not ok 2 - Unauthorized anonymous attempt to access a resource
# Failed test 'Unauthorized anonymous attempt to access a resource' # at t/db_dependent/api/v1/auth_authenticate_api_request.t line 143. # got: '503' # expected: '401' [2020-06-19 09:33:06.55176] [12653] [debug] GET "/api/v1/public/biblios/3" (ece5c188) [2020-06-19 09:33:06.55231] [12653] [debug] Routing to controller "Koha::REST::V1::Auth" and action "under" [2020-06-19 09:33:06.55343] [12653] [debug] 503 Service Unavailable (0.001661s, 602.047/s) ok 3 - GET /api/v1/public/biblios/3 not ok 4 - Successfull anonymous access to a resource
# Failed test 'Successfull anonymous access to a resource' # at t/db_dependent/api/v1/auth_authenticate_api_request.t line 149. # got: '503' # expected: '200' # Looks like you failed 2 tests of 4. not ok 3 - anonymous requests to public API
# Failed test 'anonymous requests to public API' # at t/db_dependent/api/v1/auth_authenticate_api_request.t line 153. # Looks like you failed 2 tests of 3. Dubious, test returned 2 (wstat 512, 0x200) Failed 2/3 subtests
Test Summary Report ------------------- t/db_dependent/api/v1/auth_authenticate_api_request.t (Wstat: 512 Tests: 3 Failed: 2) Failed tests: 2-3 Non-zero exit status: 2 Files=1, Tests=3, 8 wallclock secs ( 0.02 usr 0.01 sys + 3.77 cusr 1.14 csys = 4.94 CPU) Result: FAIL
Please fix up and I will backport!
I'll do it tomorrow -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=25045 Tomás Cohen Arazi <tomascohen@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #103749|0 |1 is obsolete| | -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=25045 Tomás Cohen Arazi <tomascohen@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #103773|0 |1 is obsolete| | -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=25045 --- Comment #33 from Tomás Cohen Arazi <tomascohen@gmail.com> --- Created attachment 106080 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=106080&action=edit [19.11.x] Bug 25045: (follow-up) Fix typo adding the RESTPublicAnonymousRequests syspref -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=25045 Tomás Cohen Arazi <tomascohen@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #106080|0 |1 is obsolete| | --- Comment #34 from Tomás Cohen Arazi <tomascohen@gmail.com> --- Created attachment 106081 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=106081&action=edit [19.11.x] Bug 25045: (follow-up) Fix typo adding the RESTPublicAnonymousRequests syspref -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=25045 Tomás Cohen Arazi <tomascohen@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Depends on| |24862 --- Comment #35 from Tomás Cohen Arazi <tomascohen@gmail.com> --- Aleisha, in this case it is all patches, including the last patch that specifically targets 19.11.x. Referenced Bugs: https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=24862 [Bug 24862] Wrong behaviour on anonymous sessions -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=25045 Aleisha Amohia <aleisha@catalyst.net.nz> changed: What |Removed |Added ---------------------------------------------------------------------------- Version(s)|20.05.00 |20.05.00, 19.11.07 released in| | Status|Pushed to stable |Pushed to oldstable --- Comment #36 from Aleisha Amohia <aleisha@catalyst.net.nz> --- backported to 19.11.x for 19.11.07 -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=25045 Victor Grousset/tuxayo <victor@tuxayo.net> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |victor@tuxayo.net --- Comment #37 from Victor Grousset/tuxayo <victor@tuxayo.net> --- Missing dependencies for 19.05.x, can't backport. Not sure I understand the details actually. Help need to analyze if someone with a 19.05.x would like this. Keep in mind that it's oldoldstable though so no guarantees. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=25045 --- Comment #38 from Tomás Cohen Arazi <tomascohen@gmail.com> --- There are no anonymous access public routes in 19.05. So not needed. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=25045 --- Comment #39 from Victor Grousset/tuxayo <victor@tuxayo.net> --- Thanks! :) -- You are receiving this mail because: You are watching all bug changes.
participants (1)
-
bugzilla-daemon@bugs.koha-community.org